A Google Business Profile (GBP) is an online profile and directory listing for a company that includes important information such as location, contact info, pictures, reviews, hours of operation, and a link to the company’s website. Your Business Profile can appear in Google Maps and local search results when people search for you or the services and products you offer. 

Google Business Profiles are a key part of your local SEO strategy. To appear in the Local Pack, you must have an optimized Google Business Profile. The Local Pack and your GBP are often the first and only things consumers use to answer their searches. It appears at the top of search engine results and takes up a lot of digital real estate, so your GBP must show up.  

Your Google Business Profile won’t show up at all if you’ve fallen victim to GBP profile scammers.  

Why Google Business Profile Theft is Increasing (100M+ Blocked Attempts) 

Recently, there has been an increase in scams related to Google Business Profiles. This new scam harms businesses and destroys the positive online reputation they have worked so hard to establish.  

In 2021, Google blocked more than 100 million fraudulent Google Business Profile edits made by online profile thieves. Additionally, about seven million fake Business Profiles were removed from Google 

Digital scams have been growing in recent years, and it’s something every business owner needs to be aware of. In this article, we’ll be covering how Google Business Profile theft occurs and how you can protect yourself from this scam. 

How to Prevent Google Business Profile Scams: 5 Security Steps 

There are five simple steps to follow to prevent the theft of your GBP from happening in the first place: 

1. Ensure You Are The Primary Owner of Your Profile 

Google Business Profile manage users screen showing the profile's Primary Owner

You can, and probably should, have multiple people with access to your Google Business Profile. However, we always recommend that you, as the business owner, are the primary owner of the profile. You can have multiple ‘Owners’ or ‘Managers’ of an account, but there is only one Primary Owner.  

2. Create a Backup Owner Account that You Have Access To  

Google Business Profile with backup accounts as owner

This is especially important if you have marketing people on your team who also have access to the account.  

We have seen many companies that have lost access to their Google Business Profiles because only one person had access to their account, and that person left the organization. If this happens, it is possible to recover your account, but this is an inconvenience you’re better off avoiding.   

3. Be Thoughtful When Granting Access Levels to Your Google Business Profile 

Google Business Profile access levels

There are different access levels on your GBP. When granting permissions, ensure you only grant the access level required for that user. There are three levels of ownership for a GBP – Primary Owner, Owner, and Manager. Best practices recommend giving new users the lowest possible ownership they need to do their job effectively.     

Primary Owners  

Primary Owners are the most important accounts for any GBP profile. They can control all of the information, add and remove people, and delete the profile.  

Owners  

Owners have almost identical responsibilities within the GBP, except they cannot remove the Primary Owner.  

Managers 

Managers can edit information and share posts, but they do not have the ability to add or remove users or delete the profile.  

4. Enable Two-Factor Authentication on Your Google Workspace Email 

There really is no better way to protect your Google Workspace account than to enable two-factor authentication (2FA). This allows you to add an extra line of defense against hackers if your password is compromised.  

5. Limit the Number of People Who Have Access to Your GBP Account 

It’s important to make sure that only the people who need access to your account have it. Remove former employees and partners that no longer need access to limit the access points to your profile.  

Now that you know how to prevent GBP theft, let’s take a deeper look into how GBP theft happens in the first place and what it can mean for you and your business. 

7 Common Google Business Profile Scams Targeting Small Businesses 

These are some of the most common ways criminals might try to take advantage of you and your Google Business Profile.  

Google Business Profile Hijacking: How Scammers Steal Your Listing 

The intent of a Business Profile thief is to use your positive reviews, images, and other legitimate profile stats to trick the public into getting in touch with them. If you find that your Business Profile has been hacked by a scammer, you’ll need to contact Google support to get your profile back (or work with your digital marketing agency, like RYNO). During this wait, your consumers may have already been taken advantage of, and your positive reviews can start to tank. 

Stealing Your Google Business Profile By Claiming Ownership 

Your Google Business Profile can be stolen whether or not you have claimed the profile.  If a profile has not been claimed, you’ll see a link prompting the business owner to claim and edit their profile.  

If a profile has been claimed, hackers can still gain access by clicking the “Own This Business?” link on a profile. This prompts an automatic email to be sent to the current owner’s inbox.  

If someone with access to this email account approves this request by mistake, your profile is now in the hands of a scammer. Once they have access to your account, it’s likely that they will lock you out of your account. Worse, if your email account is compromised, there’s really nothing you can do to prevent them from taking ownership and doing plenty more damage. 

If you ignore this request for access to your Google Business Profile, after three days, Google grants access to the requester automatically.  

Google Business Profile grants access to requesters automatically

If you see this request and you know that no one in your company has tried to access it, promptly reject the request. You can also file a report to Google about the email account that tried to access your profile. 

Accessing Your Account through Phishing Attempts 

Hackers may use sophisticated emails to trick you into sharing your personal information. They will send an email that looks nearly identical to an authentic email from Google. They might have an email address that looks official, too.  

GBP community forum discussing the rise in Google Business Profile phishing scams

Those emails will likely prompt you to enter your login information to verify your account or fix some sort of detail. Once you do that, the hacker will take control of your account and kick you out. Before you click on any link in an email from Google, do the following:  

  1. Carefully check the “from” email address. 
  2. Hover over the link you are supposed to click and make sure it goes where it says it’s supposed to go.  
  3. Take a few moments to consider if the request makes sense. 

If you’re not sure if an email is legitimate or not, loop in your IT department – they will be able to help you assess if you need to take action or not.  

Fake Google Phone Calls: How to Spot Business Profile Scammers 

Phone calls are another way scammers may try to get your information, claim ownership of your Google Profile, get money from you, or access your company’s email. They might call you to say that there is a security issue, ask you to confirm information, or tell you that you need to pay a fee. This is always a scam.   

To be clear – Google will never call you if there is a problem with your account. Any outreach will come from a verified Google email address.  

Google does not call you if your account is hacked, they will reach out via email

Scammers are so skilled at their craft that they can even make it appear as though the number they are calling from is a legitimate Google number. This is called spoofing. Google will not call you, so feel free to send the scammer straight to voicemail.   

Google Business Profile Verification Scams (Don’t Pay These Fees) 

Sometimes scammers might contact you to let you know you owe a fee to verify your profile. Google Business Profiles have always been and will continue to be free to set up and manage.  

If someone tells you that you need to pay a fee to verify your account, this is a scam.  

You never need to pay to verify a Google Business Profile account

There is no additional cost to verify your account, and paying for it will not allow you to verify your account any quicker.   

Review Blackmail 

Another way attackers might try to exploit your online profile is through a tactic called review blackmail. Attackers will use accounts they have created to leave a string of negative 1-star reviews on your profile. Once they have done that, they will make contact and threaten to leave more negative reviews unless you pay blackmail or offer to take the current negative reviews down if you pay.  

This is a slippery slope, and we do not recommend paying to remove or prevent negative reviews. If this ever happens to you, take recordings or screenshots of the scammer’s demands. This will help you when you file a report with Google. Proof that your negative reviews are fake will help tremendously in taking those reviews down.  

On the flip side, some scammers will offer to sell you positive reviews. Although less insidious than blackmailing with negative reviews, we highly recommend you avoid doing this. It is against Google’s Terms of Service and could get your account penalized or removed entirely.  

Signs Your Google Business Profile Has Been Hacked 

One of the most obvious red flags is that your Google Workspace is having unusual logins. If you’re seeing users you don’t recognize accessing files, especially ones from outside of the country where you operate, you may have been infiltrated. You may also see some failed login attempt emails to your account from Google in your inbox. Don’t ignore these! 

Other major warning signs can include unusual email activity you don’t recognize originating from your account, or file sharing activities you don’t recall taking. In short, any activity involving your Google accounts or workspaces that you believe is unusual is a sign that something isn’t quite right. Be sure to take this seriously and involve your IT department or web admin to investigate further. 

Remember, being diligent to monitor activity on your Google Business Profile as well as your Google Workspace is the first step to preventing unwarranted access. 

How to Recover a Stolen Google Business Profile 

There are a few things you should do if you have been scammed, lost control of your Google workspace, or granted access to someone who doesn’t belong.  

  • If possible, remove any unwanted or unauthorized accounts from your GBP. 
  • If you have given away sensitive information, be sure to change your passwords and enable two-factor authentication.  
  • If you have sent a scammer money, contact your bank to dispute the charges. 
  • Contact Google support to start working with them to undo any damage that has been done. 

Best practices to recover a hacked Google Business Profile from GBP scams

Google Business Profile Scam Consequences: Revenue Loss & Reputation Damage 

The consequences of Google Business Profile theft don’t just happen while your profile is being held hostage. Once you get your profile back again, you’ll have to do some serious damage control. Here’s what you might experience after falling victim to a Google Business Profile scam.  

Ruined Reputation 

If your clients get wind of this hack or any damages done to those who were in the wrong place at the wrong time, they may not continue to be repeat customers. This can also damage your relationships with creditors and business partners. Your customers may have a change in perception when it comes to your business and not see you as a secure investment anymore. You can lose trust and future business. Not to mention those who were affected by the scam artist will probably leave many negative reviews. 

Lost Revenue and Time 

Depending on how long the scam artist had control over your accounts, the financial loss can be quite devastating. As a business owner, you might find that due to the significant loss, you may struggle to pay employees, partners, vendors, and so on. Get in touch with your bank and try to file as many claims as you can to try to reverse some of the damages.  

In addition to lost revenue, you’re also going to be spending a lot of time recovering a stolen Business Profile. There are plenty of hoops to jump through to prove to Google you are the rightful owner, and that’s by design. Be prepared to spend a lot of time and effort recovering the listing. 

How to Claim Your Google Business Profile Before Scammers Do 

Claiming your GBP is easy! If your business hasn’t been claimed, go to http://business.google.com/add 

Then enter the name and address of your business and choose it from the search results. If it has, you can find your business using Google Search or Google Maps, and then select the Business Profile and click the “Claim This Business” link. Be Vigilant! 

If you haven’t already claimed your Google Business Profile, make this a top priority before you run into identity thieves. It’s a very simple process that can save you the headache of lost revenue, a tarnished reputation, unhappy customers, and having to build your business profile back up to its former glory. Your reputation and resources are at stake. Be vigilant! 

RYNO: Your Resident Google Business Profile Experts for Home Services 

Need help with your Google Business Profile? We’d be happy to help! RYNO is proud to support hundreds of home services businesses like yours to manage their local SEO and Google Business Profiles